On Wed, 12 Nov 1997, Andrew Gillham wrote:
> If their patch just looks through the code for '0xf0, 0x0f, 0xc7, 0xc8'
> when exec()'ing, then what stops the malicious from reassembling the
> sequence at runtime?
While I can't explain how it works, I can assure you that's not what
the BSDI code does.
--scott